Outgoing HHS CISO Chris Wlaschin opens up about his departure

U.S. Department of Health and Human Services Chief Information Security Officer Chris Wlaschin will leave his role on March 31, just 15 months in the position. Centers for Medicare and Medicaid Services Chief Information Officer Janet Vogel will take his place.

Reports have circulated regarding the circumstances around his departure, as it comes amid a controversy over the sudden removal of two of the agency’s cybersecurity leaders who were directly under Wlaschin.

HHS officials said his sudden departure was due to family reasons. A fact Wlaschin reiterated to Healthcare IT News this morning: His mother-in-law was diagnosed with Stage Four Lymphoma less than a month ago, and he’s heading back to Nebraska to help his wife care for her during this time.

“I got word, while I was at HIMSS18,” Wlaschin said. His wife packed up and headed back to Nebraska after she heard the news. She’s since been juggling taking care of her mother — while keeping up with their children’s daily routines.

A week later, she asked him to step down. “I’m departing HHS in Washington, D.C at the request of my wife,” Wlaschin said. “I’m leaving the office of information security in a much better place than I found it.”

When asked about the ongoing controversy over Health Cybersecurity and Communications Integration Center Director Maggie Amato and HHS Deputy CISO Leo Scanlon — who’s been on administrative leave for 160 days — Wlaschin said he was unsure why the situation was taking as long as it was.

In fact, Wlaschin said that he’s been pushing for the agency to put out more information surrounding these circumstances. Those details, however, weren’t shared.

“I have faith in HHS that they will handle these events appropriately — and that it will come to a quick resolution,” Wlaschin said.

And in regards to HCCIC, Wlaschin said they are continuing to build strong relationships with the National Health I-SAC and other partners to improve cyber threat info sharing — despite reports to the contrary.

The initiative is focused on preparing the healthcare sector for the next cyber event.

Wlaschin said HCCIC has leaned on other cyber expertise and external partners, in order to make HCCIC more effective. Further, HHS is building a facility in the Humphrey Building, “and bringing in partners from the industry to help with cyber incidents.”

HCCIC has released multiple products to the sector through the Assistant Secretary for Preparedness and Response’s communication channels, as a way to inform the healthcare sector on ongoing cyber threats.

Since Amato’s resignation in the fall, Al Roeder, HCCIC’s Research and Forensics manager, has been the acting director of the agency. Wlaschin said the selection of the new director should be coming soon.

He also said that the agency expects to release some further information on HCCIC’s progress in the near future.

“I’m proud of the work that we’ve done with HCCIC in the last nine months, since WannaCry, really,” said Wlaschin. “I only see the HCCIC getting better.”